Harrison calls for more patience over Verify take-up

The senior responsible owner (SRO) for the government’s Verify identity assurance scheme has called for more patience over the scheme’s slow take- up, arguing similar schemes in other countries have taken up to six years to gain traction.

Government Digital Service (GDS) director of service design and assurance Nic Harrison told the Think Digital Identity for Government conference, a one day event which brought together identity specialists from across the sector to discuss identity in public services, that the government remained committed to Verify “so that people can identify themselves on all government services online by 2020.”

Harrison acknowledged that Verify take up “hasn’t been as fast as we’d hoped or indeed planned” and said the government remains committed to “making the platform more widely available so that people can safely verify their identity to access non government services, such as financial service and e-commerce.” He said that currently 2.2.m people have created a Verify account, and so far performed 6m secure transactions with the government.

Discussing the take-up in other countries, and specifically citing the growth of schemes in Sweden, Denmark and New Zealand, Harrison said, “The GOV.UK Verify service we launched in May 2016, which although it has seemed to have been around a long time, was only two years ago. As we’ve seen internationally, other countries took a similar amount of time to build their schemes and a further six years to achieve 50% adoption.”

Harrison said he wanted to challenge some of the criticisms of the Verify programme.

He said “It’s true that Verify does not meet all the needs of all departments. HMRC, for example, will always have a need to identify businesses and professional third parties. Verify is just not set up to deliver that. It’s a personal, individual service for citizens.”

He continued, “GDS works very closely with HMRC to help facilitate the transfer of any existing citizen facing services from the Government Gateway, which is still with us, although it will be closed by March 2019. Verify is also used to access many HMRC citizen facing services and indeed HMRC is one of the biggest users of Verify.

“I’m also going to talk about Verify’s performance figures. The published statistics are complicated and don’t really tell the whole story.

“We know that the completion rates that are published for Verify are gradually increasing. But it’s not a great measure of their real success. It’s a measure for us internally largely, for the Verify delivery team. We find it useful as a benchmarking tool. But it’s confusing for others and we need to be better at explaining this.”

Harrison said identity fraud is estimated to cost the UK economy £5.4bn each year, with much of that facilitated at least in part by identity misuse.

“Today I am going to talk about how we use digital identity to directly tackle the use of online fraud and save the UK economy huge amounts of money in fraud directly and in back office processing costs,” he said.

“Verify is the government’s initiative to provide a single sign on digital identity solutions for citizens, a secure way for citizens to prove who they are and for citizens to prove to be confident that their identity is protected.

“As you all know, establishing secure, scalable and reliable identity assurance products is a huge challenge for all of us in the digital world. And as is always the case there are financial constraints to consider too. Unfortunately at the moment the cost associated with creating robust digital identities are high.

“Having said that, we mustn’t lose sight of that future state where a digital identity is the norm and the economies of using it are around the cost of transactions rather than the initial high cost of identity creation.

“So why are we striving so hard to create secure digital identities in the first place? Most of you already know, but it is always worth restating, that there is a huge difference between secure sign on and digital ID. And let’s be honest, most of what’s gone before is actually secure sign on.

“Digital identity is part of building secure online transactions end to end and it needs to work hand in hand with other security controls like transaction monitoring. Knowing that the person logging onto a service is really the person who they say they are is critical for us in government.”

He continued, “So how did we come up with a federated solution? Well, research shows there are key differences between those countries that have ID cards and those that don’t. And the poster child for ID card led countries is obviously Estonia. However many countries, and the UK is one of them, do not have a similar identity card scheme – the US, Canada, Australia, New Zealand,. In countries such as that, ubiquitous digital identity can only be achieved through the adoption of standards.

“There are common characteristics between the ID solutions of countries that don’t have identity cards. Those included using multiple suppliers meeting the same standards, some kind of public-private co-operation to deliver the standards, and the leveraging of existing trust frameworks.

“We’ll also continue to look strongly at what other countries are doing to create their digital identities – all are at different stages of development and adoption. And we’re still looking to see how they turn out and what we learn.

“Three examples that are particularly relevant are Sweden’s BankID, which is led by the private sector; Denmark’s NemID, which is a public private partnership; and New Zealand’s RealMe, which is a public sector solution.

New Zealand and Sweden now have “pretty good adoption rates,” he said. “But let’s be frank, it has taken a long time. New Zealand now has a more than 50% adoption rate, in four years of a government-backed ID to banks. Sweden has achieved a more than 50% adoption in ten years, driven entirely by the baking sector. To my knowledge it’s the only entirely private sector led solution that’s got anywhere. But it’s interesting to note that only got off the ground when the government started promoting it.

“Denmark has adopted a similar private public sector approach to the one that I think we’re likely to want to move towards. In general we’ve found that countries that follow this approach have normally taken around six years to achieve a 50% adoption. So let’s not fool ourselves: this is not a quick process.”

Harrison said the government remain committed to making the platform more widely available, saying, “Verify is supporting the rollout of DWP’s Universal Credit service which will increase the number of users who will have access to services through a digital identity solution, saving them from having to visit a job centre carrying bundles of documents as they do today.

“If you were at GDS’ flagship Sprint 18 event last week, you’ll have seen HM Land Registry’s private beta digital mortgage service that users Verify to prove the use if identity online and complete the entire conveyancing process online.”

Discussing the RealMe figures, Colin Wallis, executive director of trust and identity consortium the Kantara Initiative said, “Let’s get the facts correct. 50% is the adoption rate for secure login after 10 years, while adoption for verified identity is about 13% after 4 years.”

(A full account of all the developments and discussions at the Think Digital Identity conference will follow today.)